South Korean Banks Fined £3,400 After Epic January Data Breach


KB Kookmin Bank, Lotte Card and NongHyup Card will not be able to issue credit cards for the next three months

South Korean authorities have placed temporary limits on operations of the three credit card issuers which were involved in the recent data leak that affected as many as 20 million customers.

Data stolen in January included names, emails, physical addresses, social security numbers, credit card numbers and phone numbers, but no passwords or Card Verification Value (CVV) numbers were compromised. According to the BBC, the three firms – KB Kookmin Bank, Lotte Card and NongHyup Card – were also hit with a fine of six million won (£3,371) each.

“The three companies neglected their legal duties of preventing any leakage of customer information, and [to comply with] internal controls,” said the South Korean Financial Supervisory Commission (FSC) in a statement.

The FSC declared that the banks were guilty of neglect, and said they will be unable to issue new cards for the next three months. With the fine almost negligible, it is the temporary suspension that’s set to punish the banks: the South Korean credit market is highly competitive, and not being able to sign up new customers for a whole quarter could ruin a less capable business.

Data breach Punishment

Piotr Marcinski

As many as 104 million cards were compromised in the January breach – the largest in South Korean history. It was allegedly perpetrated by a contractor working for the Korea Credit Bureau, a credit ratings agency similar to Experian and Equifax in the UK.

It is thought that the contractor saved the data on a USB stick for more than a year, before attempting to sell it to marketing companies through two accomplices. All three have now been arrested.

An average South Korean owns four credit cards, and the incident resulted in thousands of customers besieging the offices of the credit card issuers. Many of those affected have cancelled cards or applied for new ones.

The incident prompted a public apology from the banks, and the resignation of several executives. Many customers are now considering joining class action lawsuits against the organisations involved in the breach.

Even though the data cannot give a third party access to the customers’ funds, it can make them the target of fraudulent marketing emails and calls.

In December, US retailer Target was breached, exposing credit card details of as many as 110 million people.
